The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stm_listing_profile_edi ...
Continue Reading
June 07, 2023
Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed.Read More ...
Continue Reading
June 07, 2023
The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in ...
Continue Reading
June 07, 2023
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter ...
Continue Reading
June 07, 2023
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This al ...
Continue Reading
June 07, 2023
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to lacking authentication protections an ...
Continue Reading
June 07, 2023
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6 ...
Continue Reading
June 07, 2023
Back to Main
